(Photo: Lenovo)!
<- RSPEAK_START ->
In the service tool for easy download as drivers for various Lenovo computer to gape dangerous vulnerabilities. Attackers could inject about malware in the system.
Actually, should the system update service decrease on computers from Lenovo and the user work alongside current drivers import and security updates. Now the service tool but itself to vulnerability and attackers could smuggle several ways malicious code into the system. The researchers Michael Milvich and Sofiane Talmat have found the security adviser IOActive
According to Lenovo, the following computer series are affected:.
- All ThinkPad models
- All ThinkCentre models
- All ThinkStation models
- Lenovo V / B / K / E Series
Milvich and according Talmat is the Version 5.6.0.27 and earlier the Lenovo Update Services vulnerable. The weaknesses found by the researchers in February this year. Meanwhile, Lenovo has released an update that is to fill the security gaps. However, a silent installation does not take place, and users need to install the patch itself. Vulnerable versions are intended to identify affected at least in the form of a message on the update.
attack to imagine, but connected with expenses
About the vulnerability CVE-2015-2233 might hackers bypass the signature check and so applications from Lenovo to replace with malware, report safety researchers. About two gaps (CVE-2015-2219 and CVE-2015-2234) to attackers could gain admin rights and then run malicious programs.
For attackers but would have to as a Man in the Middle in a existing connection latch. That’s in a public Wi-Fi, for example in an internet cafe, quite conceivable, but also where it is connected with some effort. For an attack in their own homes, the attacker would gain only once access to the router.
Lenovo recently made headlines in February this year, when it was revealed that they have delivered laptops with pre-installed adware Superfish. This was not only annoying but also dangerous because attackers could prove their identity because of a certificate problem with any identity to Lenovo-owners. (the)
No comments:
Post a Comment